SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#377804

Multiple Open Software Foundation Distributed Computing Environment (DCE) implementations vulnerable to DoS

Overview

A denial-of-service vulnerability exists in multiple vendor implementations of the Distributed Computing Environment. This vulnerability may allow a remote attacker to cause the service to fail. Note that this vulnerability may be triggered by attackers attempting to exploit VU#568148 and VU#326746.

I. Description

The Open Group describes the Distributed Computing Environment (DCE) as an "industry-standard, vendor-neutral set of distributed computing technologies." They go on to describe DCE as follows:

    DCE provides a complete Distributed Computing Environment infrastructure. It provides security services to protect and control access to data, name services that make it easy to find distributed resources, and a highly scalable model for organizing widely scattered users, services, and data. DCE runs on all major computing platforms and is designed to support distributed applications in heterogeneous hardware and software environments.

A vulnerability has been discovered in DCE which may allow a remote attacker to cause the DCE service to either hang or terminate, which will effectively make it impossible for DCE clients to communicate with the DCE server.

II. Impact

A remote attacker may be able to cause the DCE service to either hang or terminate, which will effectively make it impossible for DCE clients to communicate with the DCE server.

III. Solution

Apply a patch.

Systems Affected

VendorStatusDate Updated
3ComUnknown6-Aug-2003
AlcatelUnknown6-Aug-2003
Apple Computer Inc.Not Vulnerable7-Aug-2003
AT&TUnknown6-Aug-2003
AvayaUnknown6-Aug-2003
BSDIUnknown6-Aug-2003
Cisco Systems Inc.Unknown6-Aug-2003
Computer AssociatesUnknown6-Aug-2003
ConectivaUnknown6-Aug-2003
Cray Inc.Vulnerable6-Aug-2003
D-Link SystemsUnknown6-Aug-2003
Data GeneralUnknown6-Aug-2003
DebianUnknown6-Aug-2003
EngardeUnknown6-Aug-2003
Entegrity Solutions CorpVulnerable7-Aug-2003
Extreme NetworksUnknown6-Aug-2003
F5 NetworksNot Vulnerable8-Aug-2003
Foundry Networks Inc.Not Vulnerable6-Aug-2003
FreeBSDUnknown6-Aug-2003
FujitsuUnknown6-Aug-2003
Hewlett-Packard CompanyVulnerable18-Aug-2003
HitachiUnknown6-Aug-2003
IBMVulnerable8-Aug-2003
Ingrian NetworksNot Vulnerable8-Aug-2003
IntelUnknown6-Aug-2003
Juniper NetworksNot Vulnerable8-Aug-2003
LachmanUnknown6-Aug-2003
Lotus SoftwareNot Vulnerable11-Aug-2003
Lucent TechnologiesUnknown6-Aug-2003
MandrakeSoftUnknown6-Aug-2003
Microsoft CorporationNot Vulnerable7-Aug-2003
MontaVista SoftwareUnknown6-Aug-2003
Multi-Tech Systems Inc.Unknown6-Aug-2003
NEC CorporationUnknown6-Aug-2003
NetBSDNot Vulnerable8-Aug-2003
NetscreenUnknown6-Aug-2003
Network ApplianceUnknown6-Aug-2003
NokiaUnknown6-Aug-2003
Nortel NetworksUnknown6-Aug-2003
OpenBSDUnknown6-Aug-2003
Openwall GNU/*/LinuxNot Vulnerable13-Aug-2003
Oracle CorporationUnknown7-Aug-2003
Red Hat Inc.Unknown6-Aug-2003
Redback Networks Inc.Unknown6-Aug-2003
Riverstone NetworksUnknown6-Aug-2003
SCOUnknown6-Aug-2003
SequentUnknown6-Aug-2003
SGIUnknown6-Aug-2003
Sony CorporationUnknown6-Aug-2003
Sun Microsystems Inc.Not Vulnerable14-Aug-2003
SuSE Inc.Unknown6-Aug-2003
UnisysUnknown6-Aug-2003
Wind River Systems Inc.Unknown6-Aug-2003
WirexUnknown6-Aug-2003
XeroxUnknown6-Aug-2003
ZyXELUnknown6-Aug-2003

References


http://www.opengroup.org/dce/
http://www.secunia.com/advisories/9482/

Credit

This document was written by Ian A Finlay.

Other Information

Date Public08/07/2003
Date First Published08/08/2003 09:18:16 AM
Date Last Updated08/18/2003
CERT Advisory 
CVE Name 
US-CERT Technical Alerts 
Metric22.78
Document Revision17

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2003 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader